<p><a href="https://www.w3.org/TR/permissions/#powerful-feature">Powerful features</a> are browser features (geolocation, camera, microphone …​) that
can be accessed with JavaScript API and may require a permission granted by the user. These features can have a high impact on privacy and user
security thus they should only be used if they are really necessary to implement the critical parts of an application.</p>
<p>This rule highlights intrusive permissions when requested with <a href="https://developer.mozilla.org/en-US/docs/Web/API/Permissions/query">the
future standard (but currently experimental) web browser query API</a> and specific APIs related to the permission. It is highly recommended to
customize this rule with the permissions considered as intrusive in the context of the web application.</p>
<h2>Ask Yourself Whether</h2>
<ul>
  <li> Some powerful features used by the application are not really necessary. </li>
  <li> Users are not clearly informed why and when powerful features are used by the application. </li>
</ul>
<p>You are at risk if you answered yes to any of those questions.</p>
<h2>Recommended Secure Coding Practices</h2>
<ul>
  <li> In order to respect user privacy it is recommended to avoid using intrusive powerful features. </li>
</ul>
<h2>Sensitive Code Example</h2>
<p>When using <a href="https://developer.mozilla.org/en-US/docs/Web/API/Geolocation_API">geolocation API</a>, Firefox for example retrieves personal
information like nearby wireless access points and IP address and sends it to the default geolocation service provider, <a
href="https://www.google.com/privacy/lsf.html">Google Location Services</a>:</p>
<pre>
navigator.permissions.query({name:"geolocation"}).then(function(result) {
});  // Sensitive: geolocation is a powerful feature with high privacy concerns

navigator.geolocation.getCurrentPosition(function(position) {
  console.log("coordinates x="+position.coords.latitude+" and y="+position.coords.longitude);
}); // Sensitive: geolocation is a powerful feature with high privacy concerns
</pre>
<h2>Compliant Solution</h2>
<p>If geolocation is required, always explain to the user why the application needs it and prefer requesting an approximate location when
possible:</p>
<pre>
&lt;html&gt;
&lt;head&gt;
    &lt;title&gt;
        Retailer website example
    &lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
    Type a city, street or zip code where you want to retrieve the closest retail locations of our products:
    &lt;form method=post&gt;
        &lt;input type=text value="New York"&gt; &lt;!-- Compliant --&gt;
    &lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre>
<h2>See</h2>
<ul>
  <li> OWASP - <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/">Top 10 2021 Category A1 - Broken Access Control</a> </li>
  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Web Top 10 2017 Category A3 - Sensitive Data
  Exposure</a> </li>
  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/250">CWE-250 - Execution with Unnecessary Privileges</a> </li>
  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/359">CWE-359 - Exposure of Private Information</a> </li>
  <li> <a href="https://www.w3.org/TR/permissions/">W3C</a> - Permissions </li>
  <li> <a href="https://support.mozilla.org/en-US/kb/does-firefox-share-my-location-websites">Mozilla</a> - Does Firefox share my location with
  websites? </li>
</ul>
